From 1b501f03f9f5013ea2a180bf51798824e1241243 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Tue, 2 May 2017 20:45:01 +0100 Subject: [PATCH 01/10] recover a lost trim in permissions modules names parsing --- OpenSim/Region/Application/OpenSimBase.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OpenSim/Region/Application/OpenSimBase.cs b/OpenSim/Region/Application/OpenSimBase.cs index 168836c1e9..0862fcf302 100644 --- a/OpenSim/Region/Application/OpenSimBase.cs +++ b/OpenSim/Region/Application/OpenSimBase.cs @@ -237,7 +237,7 @@ namespace OpenSim string permissionModules = Util.GetConfigVarFromSections(Config, "permissionmodules", new string[] { "Startup", "Permissions" }, "DefaultPermissionsModule"); - m_permsModules = new List(permissionModules.Split(',')); + m_permsModules = new List(permissionModules.Split(',').Select(m => m.Trim())); managedStatsURI = startupConfig.GetString("ManagedStatsRemoteFetchURI", String.Empty); managedStatsPassword = startupConfig.GetString("ManagedStatsRemoteFetchPassword", String.Empty); From b0244107dce787122c8b857f3903455ea7fc2281 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Wed, 3 May 2017 15:31:42 +0100 Subject: [PATCH 02/10] viewer can't tell if a taskitem is group owned if we don't tell him; missing taskInv serial update --- .../Framework/Scenes/SceneObjectPartInventory.cs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 8c9d0bb4e3..3ed37a2fe8 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs @@ -207,6 +207,7 @@ namespace OpenSim.Region.Framework.Scenes item.PermsGranter = UUID.Zero; item.OwnerChanged = true; } + m_inventorySerial++; m_items.LockItemsForWrite(false); } @@ -222,7 +223,7 @@ namespace OpenSim.Region.Framework.Scenes m_items.LockItemsForWrite(false); return; } - + m_inventorySerial++; // Don't let this set the HasGroupChanged flag for attachments // as this happens during rez and we don't want a new asset // for each attachment each time @@ -1179,6 +1180,7 @@ namespace OpenSim.Region.Framework.Scenes foreach (TaskInventoryItem item in m_items.Values) { UUID ownerID = item.OwnerID; + UUID groupID = item.GroupID; uint everyoneMask = item.EveryonePermissions; uint baseMask = item.BasePermissions; uint ownerMask = item.CurrentPermissions; @@ -1201,7 +1203,12 @@ namespace OpenSim.Region.Framework.Scenes invString.AddNameValueLine("last_owner_id", item.LastOwnerID.ToString()); - invString.AddNameValueLine("group_id", item.GroupID.ToString()); + invString.AddNameValueLine("group_id",groupID.ToString()); + if(groupID != UUID.Zero && ownerID == groupID) + invString.AddNameValueLine("group_owned","1"); + else + invString.AddNameValueLine("group_owned","0"); + invString.AddSectionEnd(); if (includeAssets) From 94bb6d965e8c6e185b378546e2b84b1db8cadd80 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Wed, 3 May 2017 16:03:26 +0100 Subject: [PATCH 03/10] change taskInventory copy/move to agents inventory rules --- .../World/Permissions/PermissionsModule.cs | 29 ++++++++++++------- .../Framework/Scenes/Scene.Inventory.cs | 7 +---- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 18d164f1e1..4c4a8a53d5 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -1678,7 +1678,6 @@ namespace OpenSim.Region.CoreModules.World.Permissions return false; } - private bool CanReturnObjects(ILandObject land, ScenePresence sp, List objects) { DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); @@ -2289,23 +2288,31 @@ namespace OpenSim.Region.CoreModules.World.Permissions if (sog == null) return false; - uint perms = GetObjectPermissions(userID, sog, true); - if((perms & (uint)PermissionMask.Modify) == 0) + if(sog.OwnerID == userID || IsAdministrator(userID)) + return true; + + if(sog.IsAttachment) + return false; + + UUID sogGroupID = sog.GroupID; + + if(sogGroupID == UUID.Zero || sogGroupID != sog.OwnerID) return false; TaskInventoryItem ti = part.Inventory.GetInventoryItem(itemID); if(ti == null) return false; - uint itperms = GetObjectItemPermissions(userID, ti); + ulong powers = 0; + if(GroupMemberPowers(sogGroupID, userID, ref powers)) + { + if(powers == (ulong)GroupPowers.ObjectManipulate) + return true; - if((itperms & (uint)PermissionMask.Copy) == 0) - return false; - - if(sog.OwnerID != userID && (itperms & (uint)PermissionMask.Transfer) == 0) - return false; - - return true; + if((ti.EveryonePermissions & (uint)PermissionMask.Copy) != 0) + return true; + } + return false; } // object inventory to object inventory item drag and drop diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index afdd99ea44..ca1e0a81d1 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -1388,11 +1388,7 @@ namespace OpenSim.Region.Framework.Scenes } if (!Permissions.CanCopyObjectInventory(itemId, part.UUID, remoteClient.AgentId)) - { - // check also if we can delete the no copy item - if(!Permissions.CanEditObject(part.UUID, remoteClient.AgentId)) - return; - } + return; string message; InventoryItemBase item = MoveTaskInventoryItem(remoteClient, folderId, part, itemId, out message); @@ -1769,7 +1765,6 @@ namespace OpenSim.Region.Framework.Scenes itemInfo.CurrentPermissions &= currentItem.BasePermissions; itemInfo.NextPermissions &= currentItem.BasePermissions; } - } else { From 4c42716022e2dfcf70e84b05011df6db63bbe221 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Wed, 3 May 2017 18:11:50 +0100 Subject: [PATCH 04/10] taskitem group owned information was still incorrect --- .../Region/Framework/Scenes/SceneObjectPartInventory.cs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 3ed37a2fe8..1db68806e6 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs @@ -1199,15 +1199,20 @@ namespace OpenSim.Region.Framework.Scenes invString.AddNameValueLine("next_owner_mask", Utils.UIntToHexString(item.NextPermissions)); invString.AddNameValueLine("creator_id", item.CreatorID.ToString()); - invString.AddNameValueLine("owner_id", ownerID.ToString()); invString.AddNameValueLine("last_owner_id", item.LastOwnerID.ToString()); invString.AddNameValueLine("group_id",groupID.ToString()); if(groupID != UUID.Zero && ownerID == groupID) + { + invString.AddNameValueLine("owner_id", UUID.Zero.ToString()); invString.AddNameValueLine("group_owned","1"); + } else + { + invString.AddNameValueLine("owner_id", ownerID.ToString()); invString.AddNameValueLine("group_owned","0"); + } invString.AddSectionEnd(); From fc462747329379c923bcc38cd11c43823b7e3cf1 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Wed, 3 May 2017 19:10:02 +0100 Subject: [PATCH 05/10] still another missing conversion btw viewer and OS on groupd owned --- .../Region/Framework/Scenes/SceneObjectPartInventory.cs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 1db68806e6..4df1f27bdf 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs @@ -236,10 +236,7 @@ namespace OpenSim.Region.Framework.Scenes IList items = new List(Items.Values); foreach (TaskInventoryItem item in items) { - if (groupID != item.GroupID) - { - item.GroupID = groupID; - } + item.GroupID = groupID; } m_items.LockItemsForWrite(false); } @@ -1020,6 +1017,9 @@ namespace OpenSim.Region.Framework.Scenes if (item.GroupPermissions != (uint)PermissionMask.None) item.GroupID = m_part.GroupID; + if(item.OwnerID == UUID.Zero) // viewer to internal enconding of group owned + item.OwnerID = item.GroupID; + if (item.AssetID == UUID.Zero) item.AssetID = m_items[item.ItemID].AssetID; From 3ef583f205910c35e7537c3d725e66629fc95a30 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Wed, 3 May 2017 19:39:42 +0100 Subject: [PATCH 06/10] fix right to change permissions of group owned taskitems --- .../Region/Framework/Scenes/Scene.Inventory.cs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index ca1e0a81d1..d55311e0e4 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -1738,7 +1738,24 @@ namespace OpenSim.Region.Framework.Scenes // Check if we're allowed to mess with permissions if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god { + bool noChange; if (remoteClient.AgentId != part.OwnerID) // Not owner + { + noChange = true; + if(itemInfo.OwnerID == UUID.Zero && itemInfo.GroupID != UUID.Zero) + { + if(remoteClient.IsGroupMember(itemInfo.GroupID)) + { + ulong powers = remoteClient.GetGroupPowers(itemInfo.GroupID); + if((powers & (ulong)GroupPowers.ObjectManipulate) != 0) + noChange = false; + } + } + } + else + noChange = false; + + if(noChange) { // Friends and group members can't change any perms itemInfo.BasePermissions = currentItem.BasePermissions; From d62aed7f468d50a3b1f9ee678be9ba66d77a9218 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Wed, 3 May 2017 21:12:16 +0100 Subject: [PATCH 07/10] fix right to change permissions of group owned objects --- .../World/Permissions/PermissionsModule.cs | 33 ++++++++++++++++++- .../Framework/Scenes/Scene.Permissions.cs | 20 +++++++++++ .../Framework/Scenes/SceneObjectPart.cs | 7 ++-- 3 files changed, 57 insertions(+), 3 deletions(-) diff --git a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs index 4c4a8a53d5..45c1c561e7 100644 --- a/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs +++ b/OpenSim/Region/CoreModules/World/Permissions/PermissionsModule.cs @@ -293,6 +293,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions scenePermissions.OnDeleteObject += CanDeleteObject; scenePermissions.OnEditObjectByIDs += CanEditObjectByIDs; scenePermissions.OnEditObject += CanEditObject; + scenePermissions.OnEditObjectPerms += CanEditObjectPerms; scenePermissions.OnInventoryTransfer += CanInventoryTransfer; scenePermissions.OnMoveObject += CanMoveObject; scenePermissions.OnTakeObject += CanTakeObject; @@ -391,6 +392,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions scenePermissions.OnDeleteObject -= CanDeleteObject; scenePermissions.OnEditObjectByIDs -= CanEditObjectByIDs; scenePermissions.OnEditObject -= CanEditObject; + scenePermissions.OnEditObjectPerms -= CanEditObjectPerms; scenePermissions.OnInventoryTransfer -= CanInventoryTransfer; scenePermissions.OnMoveObject -= CanMoveObject; scenePermissions.OnTakeObject -= CanTakeObject; @@ -1387,6 +1389,35 @@ namespace OpenSim.Region.CoreModules.World.Permissions return true; } + private bool CanEditObjectPerms(SceneObjectGroup sog, UUID userID) + { + DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); + if (m_bypassPermissions) return m_bypassPermissionsValue; + + if (sog == null) + return false; + + if(sog.OwnerID == userID || IsAdministrator(userID)) + return true; + + UUID sogGroupID = sog.GroupID; + if(sogGroupID == UUID.Zero || sogGroupID != sog.OwnerID) + return false; + + uint perms = sog.EffectiveOwnerPerms; + if((perms & (uint)PermissionMask.Modify) == 0) + return false; + + ulong powers = 0; + if(GroupMemberPowers(sogGroupID, userID, ref powers)) + { + if((powers & (ulong)GroupPowers.ObjectManipulate) != 0) + return true; + } + + return false; + } + private bool CanEditObjectInventory(UUID objectID, UUID userID) { DebugPermissionInformation(MethodInfo.GetCurrentMethod().Name); @@ -2306,7 +2337,7 @@ namespace OpenSim.Region.CoreModules.World.Permissions ulong powers = 0; if(GroupMemberPowers(sogGroupID, userID, ref powers)) { - if(powers == (ulong)GroupPowers.ObjectManipulate) + if((powers & (ulong)GroupPowers.ObjectManipulate) != 0) return true; if((ti.EveryonePermissions & (uint)PermissionMask.Copy) != 0) diff --git a/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs b/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs index c55a7a6412..a75671e6fd 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Permissions.cs @@ -53,6 +53,7 @@ namespace OpenSim.Region.Framework.Scenes public delegate bool DuplicateObjectHandler(SceneObjectGroup sog, ScenePresence sp); public delegate bool EditObjectByIDsHandler(UUID objectID, UUID editorID); public delegate bool EditObjectHandler(SceneObjectGroup sog, ScenePresence sp); + public delegate bool EditObjectPermsHandler(SceneObjectGroup sog, UUID editorID); public delegate bool EditObjectInventoryHandler(UUID objectID, UUID editorID); public delegate bool MoveObjectHandler(SceneObjectGroup sog, ScenePresence sp); public delegate bool ObjectEntryHandler(SceneObjectGroup sog, bool enteringRegion, Vector3 newPoint); @@ -133,6 +134,7 @@ namespace OpenSim.Region.Framework.Scenes public event DuplicateObjectHandler OnDuplicateObject; public event EditObjectByIDsHandler OnEditObjectByIDs; public event EditObjectHandler OnEditObject; + public event EditObjectPermsHandler OnEditObjectPerms; public event EditObjectInventoryHandler OnEditObjectInventory; public event MoveObjectHandler OnMoveObject; public event ObjectEntryHandler OnObjectEntry; @@ -511,6 +513,24 @@ namespace OpenSim.Region.Framework.Scenes return true; } + public bool CanEditObjectPermissions(SceneObjectGroup sog, UUID editorID) + { + EditObjectPermsHandler handler = OnEditObjectPerms; + if (handler != null) + { + if(sog == null) + return false; + Delegate[] list = handler.GetInvocationList(); + foreach (EditObjectPermsHandler h in list) + { + if (h(sog, editorID) == false) + return false; + } + } + return true; + } + + public bool CanEditObjectInventory(UUID objectID, UUID editorID) { EditObjectInventoryHandler handler = OnEditObjectInventory; diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs index f948336feb..d980fe517e 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs @@ -4460,8 +4460,11 @@ SendFullUpdateToClient(remoteClient, Position) ignores position parameter if (god) baseMask = 0x7ffffff0; - // Are we the owner? - if ((AgentID == OwnerID) || god) + bool canChange = (AgentID == OwnerID) || god; + if(!canChange) + canChange = ParentGroup.Scene.Permissions.CanEditObjectPermissions(ParentGroup, AgentID); + + if (canChange) { switch (field) { From 3a8dd24fd1c1aead0a81a4a9d63b59bbf9f10855 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Thu, 4 May 2017 11:37:13 +0100 Subject: [PATCH 08/10] move deep effective permissions aggregation to first time use and not on changes. There flag it is need with InvalidateDeepEffectivePerms(). Add config options PropagateGroupShareOutwards and PropagateAnyOneOutwards --- .../InventoryAccess/InventoryAccessModule.cs | 2 +- OpenSim/Region/Framework/Scenes/Scene.cs | 18 +++- OpenSim/Region/Framework/Scenes/SceneGraph.cs | 2 +- .../Scenes/SceneObjectGroup.Inventory.cs | 98 +++++-------------- .../Framework/Scenes/SceneObjectGroup.cs | 2 +- .../Scenes/SceneObjectPartInventory.cs | 2 +- .../Serialization/SceneObjectSerializer.cs | 4 +- .../Scenes/Serialization/SceneXmlLoader.cs | 2 +- OpenSim/Tests/Common/Helpers/SceneHelpers.cs | 2 + 9 files changed, 48 insertions(+), 84 deletions(-) diff --git a/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs b/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs index f1885dad14..3f3245c28e 100644 --- a/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs +++ b/OpenSim/Region/CoreModules/Framework/InventoryAccess/InventoryAccessModule.cs @@ -1182,7 +1182,7 @@ namespace OpenSim.Region.CoreModules.Framework.InventoryAccess } rootPart.TrimPermissions(); - so.AggregateDeepPerms(); + so.InvalidateDeepEffectivePerms(); if (isAttachment) so.FromItemID = item.ID; diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index 715ae5cc30..205a321112 100755 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs @@ -238,6 +238,16 @@ namespace OpenSim.Region.Framework.Scenes /// public bool LegacySitOffsets = true; + /// + /// set false to not propagare group rights outwards as legacy did + /// + public bool PropagateGroupShareOutwards = true; + + /// + /// set false to not propagare Everyone rights outwards as legacy did + /// + public bool PropagateAnyOneOutwards = true; + /// /// Can avatars cross from and to this region? /// @@ -978,7 +988,10 @@ namespace OpenSim.Region.Framework.Scenes m_maxDrawDistance = startupConfig.GetFloat("MaxDrawDistance", m_maxDrawDistance); m_maxRegionViewDistance = startupConfig.GetFloat("MaxRegionsViewDistance", m_maxRegionViewDistance); + // old versions compatibility LegacySitOffsets = startupConfig.GetBoolean("LegacySitOffsets", LegacySitOffsets); + PropagateGroupShareOutwards = startupConfig.GetBoolean("PropagateGroupShareOutwards", PropagateGroupShareOutwards); + PropagateAnyOneOutwards = startupConfig.GetBoolean("PropagateAnyOneOutwards", PropagateAnyOneOutwards); if (m_defaultDrawDistance > m_maxDrawDistance) m_defaultDrawDistance = m_maxDrawDistance; @@ -2390,8 +2403,9 @@ namespace OpenSim.Region.Framework.Scenes EventManager.TriggerOnSceneObjectLoaded(group); SceneObjectPart rootPart = group.GetPart(group.UUID); rootPart.Flags &= ~PrimFlags.Scripted; - group.AggregateDeepPerms(); + rootPart.TrimPermissions(); + group.InvalidateDeepEffectivePerms(); // Don't do this here - it will get done later on when sculpt data is loaded. // group.CheckSculptAndLoad(); @@ -2662,7 +2676,7 @@ namespace OpenSim.Region.Framework.Scenes if (UserManagementModule != null) sceneObject.RootPart.CreatorIdentification = UserManagementModule.GetUserUUI(ownerID); - sceneObject.AggregateDeepPerms(); + sceneObject.InvalidateDeepEffectivePerms();; sceneObject.ScheduleGroupForFullUpdate(); return sceneObject; diff --git a/OpenSim/Region/Framework/Scenes/SceneGraph.cs b/OpenSim/Region/Framework/Scenes/SceneGraph.cs index a005068ecf..91d2879c49 100755 --- a/OpenSim/Region/Framework/Scenes/SceneGraph.cs +++ b/OpenSim/Region/Framework/Scenes/SceneGraph.cs @@ -343,7 +343,7 @@ namespace OpenSim.Region.Framework.Scenes sceneObject.ForceInventoryPersistence(); sceneObject.HasGroupChanged = true; } - sceneObject.AggregateDeepPerms(); + sceneObject.InvalidateDeepEffectivePerms(); return ret; } diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs index 36844a9909..95a5887d75 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs @@ -254,13 +254,26 @@ namespace OpenSim.Region.Framework.Scenes // new test code, to place in better place later private object m_PermissionsLock = new object(); private bool m_EffectivePermsInvalid = true; + private bool m_DeepEffectivePermsInvalid = true; + // should called when parts chanced by their contents did not, so we know their cacche is valid + // in case of doubt call InvalidateDeepEffectivePerms(), it only costs a bit more cpu time public void InvalidateEffectivePerms() { lock(m_PermissionsLock) m_EffectivePermsInvalid = true; } + // should called when parts chanced and their contents where accounted for + public void InvalidateDeepEffectivePerms() + { + lock(m_PermissionsLock) + { + m_DeepEffectivePermsInvalid = true; + m_EffectivePermsInvalid = true; + } + } + private uint m_EffectiveEveryOnePerms; public uint EffectiveEveryOnePerms { @@ -317,79 +330,6 @@ namespace OpenSim.Region.Framework.Scenes } } - // aggregates perms scanning parts and their contents - // AggregatePerms does same using cached parts content perms - public void AggregateDeepPerms() - { - lock(m_PermissionsLock) - { - // aux - const uint allmask = (uint)PermissionMask.AllEffective; - const uint movemodmask = (uint)(PermissionMask.Move | PermissionMask.Modify); - const uint copytransfermask = (uint)(PermissionMask.Copy | PermissionMask.Transfer); - - uint basePerms = (RootPart.BaseMask & allmask) | (uint)PermissionMask.Move; - bool noBaseTransfer = (basePerms & (uint)PermissionMask.Transfer) == 0; - - uint rootOwnerPerms = RootPart.OwnerMask; - uint owner = rootOwnerPerms; - uint rootGroupPerms = RootPart.GroupMask; - uint group = rootGroupPerms; - uint rootEveryonePerms = RootPart.EveryoneMask; - uint everyone = rootEveryonePerms; - - // date is time of writing april 30th 2017 - bool newObject = (RootPart.CreationDate == 0 || RootPart.CreationDate > 1493574994); - SceneObjectPart[] parts = m_parts.GetArray(); - for (int i = 0; i < parts.Length; i++) - { - SceneObjectPart part = parts[i]; - part.AggregateInnerPerms(); - owner &= part.AggregatedInnerOwnerPerms; - group &= part.AggregatedInnerGroupPerms; - if(newObject) - everyone &= part.AggregatedInnerEveryonePerms; - } - // recover modify and move - rootOwnerPerms &= movemodmask; - owner |= rootOwnerPerms; - if((owner & copytransfermask) == 0) - owner |= (uint)PermissionMask.Transfer; - - owner &= basePerms; - m_EffectiveOwnerPerms = owner; - uint ownertransfermask = owner & (uint)PermissionMask.Transfer; - - // recover modify and move - rootGroupPerms &= movemodmask; - group |= rootGroupPerms; - if(noBaseTransfer) - group &=~(uint)PermissionMask.Copy; - else - group |= ownertransfermask; - - uint groupOrEveryone = group; - m_EffectiveGroupPerms = group & owner; - - // recover move - rootEveryonePerms &= (uint)PermissionMask.Move; - everyone |= rootEveryonePerms; - everyone &= ~(uint)PermissionMask.Modify; - if(noBaseTransfer) - everyone &=~(uint)PermissionMask.Copy; - else - everyone |= ownertransfermask; - - groupOrEveryone |= everyone; - - m_EffectiveEveryOnePerms = everyone & owner; - m_EffectiveGroupOrEveryOnePerms = groupOrEveryone & owner; - m_EffectivePermsInvalid = false; - } - } - - // aggregates perms scanning parts, assuming their contents was already aggregated and cached - // ie is AggregateDeepPerms without the part.AggregateInnerPerms() call on parts loop public void AggregatePerms() { lock(m_PermissionsLock) @@ -410,15 +350,22 @@ namespace OpenSim.Region.Framework.Scenes uint everyone = rootEveryonePerms; bool needUpdate = false; + bool propGroupOut = Scene.PropagateGroupShareOutwards; // date is time of writing april 30th 2017 - bool newObject = (RootPart.CreationDate == 0 || RootPart.CreationDate > 1493574994); + bool propAnyOut = Scene.PropagateAnyOneOutwards & (RootPart.CreationDate == 0 || RootPart.CreationDate > 1493574994); SceneObjectPart[] parts = m_parts.GetArray(); for (int i = 0; i < parts.Length; i++) { SceneObjectPart part = parts[i]; + + if(m_DeepEffectivePermsInvalid) + part.AggregateInnerPerms(); + owner &= part.AggregatedInnerOwnerPerms; group &= part.AggregatedInnerGroupPerms; - if(newObject) + if(propGroupOut) + group &= part.AggregatedInnerGroupPerms; + if(propAnyOut) everyone &= part.AggregatedInnerEveryonePerms; } // recover modify and move @@ -477,6 +424,7 @@ namespace OpenSim.Region.Framework.Scenes m_EffectiveGroupOrEveryOnePerms = tmpPerms; } + m_DeepEffectivePermsInvalid = false; m_EffectivePermsInvalid = false; if(needUpdate) diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs index e73795e0ce..512656b319 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs @@ -2677,7 +2677,7 @@ namespace OpenSim.Region.Framework.Scenes if (dupe.m_rootPart.PhysActor != null) dupe.m_rootPart.PhysActor.Building = false; // tell physics to finish building - dupe.AggregateDeepPerms(); + dupe.InvalidateDeepEffectivePerms(); dupe.HasGroupChanged = true; dupe.AttachToBackup(); diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 4df1f27bdf..21bc19e5ab 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs @@ -979,7 +979,7 @@ namespace OpenSim.Region.Framework.Scenes } // old code end rootPart.TrimPermissions(); - group.AggregateDeepPerms(); + group.InvalidateDeepEffectivePerms(); } return true; diff --git a/OpenSim/Region/Framework/Scenes/Serialization/SceneObjectSerializer.cs b/OpenSim/Region/Framework/Scenes/Serialization/SceneObjectSerializer.cs index 87d1ace1b4..892403ba49 100644 --- a/OpenSim/Region/Framework/Scenes/Serialization/SceneObjectSerializer.cs +++ b/OpenSim/Region/Framework/Scenes/Serialization/SceneObjectSerializer.cs @@ -114,7 +114,7 @@ namespace OpenSim.Region.Framework.Scenes.Serialization // Script state may, or may not, exist. Not having any, is NOT // ever a problem. sceneObject.LoadScriptState(reader); - sceneObject.AggregateDeepPerms(); + sceneObject.InvalidateDeepEffectivePerms(); return sceneObject; } @@ -278,7 +278,7 @@ namespace OpenSim.Region.Framework.Scenes.Serialization // Script state may, or may not, exist. Not having any, is NOT // ever a problem. sceneObject.LoadScriptState(doc); - sceneObject.AggregatePerms(); +// sceneObject.AggregatePerms(); return sceneObject; } catch (Exception e) diff --git a/OpenSim/Region/Framework/Scenes/Serialization/SceneXmlLoader.cs b/OpenSim/Region/Framework/Scenes/Serialization/SceneXmlLoader.cs index 0f022dd58f..34fdb6df8f 100644 --- a/OpenSim/Region/Framework/Scenes/Serialization/SceneXmlLoader.cs +++ b/OpenSim/Region/Framework/Scenes/Serialization/SceneXmlLoader.cs @@ -70,7 +70,7 @@ namespace OpenSim.Region.Framework.Scenes.Serialization //obj.RegenerateFullIDs(); scene.AddNewSceneObject(obj, true); - obj.AggregateDeepPerms(); + obj.InvalidateDeepEffectivePerms(); } } else diff --git a/OpenSim/Tests/Common/Helpers/SceneHelpers.cs b/OpenSim/Tests/Common/Helpers/SceneHelpers.cs index fbd7e90caa..7902fb1d60 100644 --- a/OpenSim/Tests/Common/Helpers/SceneHelpers.cs +++ b/OpenSim/Tests/Common/Helpers/SceneHelpers.cs @@ -626,6 +626,7 @@ namespace OpenSim.Tests.Common //part.ObjectFlags |= (uint)PrimFlags.Phantom; scene.AddNewSceneObject(so, true); + so.InvalidateDeepEffectivePerms(); return so; } @@ -652,6 +653,7 @@ namespace OpenSim.Tests.Common SceneObjectGroup so = CreateSceneObject(parts, ownerId, partNamePrefix, uuidTail); scene.AddNewSceneObject(so, false); + so.InvalidateDeepEffectivePerms(); return so; } From 34028198882be021c49725c342e8d2d494dc7286 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Thu, 4 May 2017 12:08:10 +0100 Subject: [PATCH 09/10] do the same in the cases we are just moving parts around and not changing their caches (ie their taskInventory) --- .../ClientStack/Linden/Caps/ObjectCaps/ObjectAdd.cs | 2 +- .../CoreModules/World/Objects/BuySell/BuySellModule.cs | 2 +- .../CoreModules/World/Vegetation/VegetationModule.cs | 2 +- OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 10 +++++----- OpenSim/Region/Framework/Scenes/SceneGraph.cs | 2 +- .../Framework/Scenes/SceneObjectGroup.Inventory.cs | 2 +- OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs | 10 +++++----- .../Framework/Scenes/SceneObjectPartInventory.cs | 6 ++---- .../Avatar/Attachments/TempAttachmentsModule.cs | 2 +- .../Scripting/JsonStore/JsonStoreScriptModule.cs | 2 +- .../World/TreePopulator/TreePopulatorModule.cs | 2 +- .../ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs | 2 +- 12 files changed, 21 insertions(+), 23 deletions(-) diff --git a/OpenSim/Region/ClientStack/Linden/Caps/ObjectCaps/ObjectAdd.cs b/OpenSim/Region/ClientStack/Linden/Caps/ObjectCaps/ObjectAdd.cs index 69fcb7d107..b044e564fb 100644 --- a/OpenSim/Region/ClientStack/Linden/Caps/ObjectCaps/ObjectAdd.cs +++ b/OpenSim/Region/ClientStack/Linden/Caps/ObjectCaps/ObjectAdd.cs @@ -357,7 +357,7 @@ namespace OpenSim.Region.ClientStack.Linden rootpart.NextOwnerMask = next_owner_mask; rootpart.Material = (byte)material; - obj.AggregatePerms(); + obj.InvalidateDeepEffectivePerms(); m_scene.PhysicsScene.AddPhysicsActorTaint(rootpart.PhysActor); diff --git a/OpenSim/Region/CoreModules/World/Objects/BuySell/BuySellModule.cs b/OpenSim/Region/CoreModules/World/Objects/BuySell/BuySellModule.cs index a7a9d1ddb7..6a8f4c04af 100644 --- a/OpenSim/Region/CoreModules/World/Objects/BuySell/BuySellModule.cs +++ b/OpenSim/Region/CoreModules/World/Objects/BuySell/BuySellModule.cs @@ -146,7 +146,7 @@ namespace OpenSim.Region.CoreModules.World.Objects.BuySell child.TriggerScriptChangedEvent(Changed.OWNER); child.ApplyNextOwnerPermissions(); } - group.AggregatePerms(); + group.InvalidateDeepEffectivePerms(); } part.ObjectSaleType = 0; diff --git a/OpenSim/Region/CoreModules/World/Vegetation/VegetationModule.cs b/OpenSim/Region/CoreModules/World/Vegetation/VegetationModule.cs index 167f6b50d2..4cee7a5f3b 100644 --- a/OpenSim/Region/CoreModules/World/Vegetation/VegetationModule.cs +++ b/OpenSim/Region/CoreModules/World/Vegetation/VegetationModule.cs @@ -107,7 +107,7 @@ namespace OpenSim.Region.CoreModules.World.Vegetation sceneObject.SetGroup(groupID, null); m_scene.AddNewSceneObject(sceneObject, true); - sceneObject.AggregatePerms(); + sceneObject.InvalidateDeepEffectivePerms(); return sceneObject; } diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index d55311e0e4..bba7a969d3 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs @@ -338,7 +338,7 @@ namespace OpenSim.Region.Framework.Scenes // Update item with new asset item.AssetID = asset.FullID; group.UpdateInventoryItem(item); - group.AggregatePerms(); + group.InvalidateEffectivePerms(); part.SendPropertiesToClient(remoteClient); @@ -1216,7 +1216,7 @@ namespace OpenSim.Region.Framework.Scenes } group.RemoveInventoryItem(localID, itemID); - group.AggregatePerms(); + group.InvalidateEffectivePerms(); } part.SendPropertiesToClient(remoteClient); @@ -1967,7 +1967,7 @@ namespace OpenSim.Region.Framework.Scenes part.Inventory.AddInventoryItem(taskItem, false); part.Inventory.CreateScriptInstance(taskItem, 0, false, DefaultScriptEngine, 0); - part.ParentGroup.AggregatePerms(); + part.ParentGroup.InvalidateEffectivePerms(); // tell anyone managing scripts that a new script exists EventManager.TriggerNewScript(agentID, part, taskItem.ItemID); @@ -2655,7 +2655,7 @@ namespace OpenSim.Region.Framework.Scenes // We can only call this after adding the scene object, since the scene object references the scene // to find out if scripts should be activated at all. - group.AggregatePerms(); + group.InvalidateEffectivePerms(); group.CreateScriptInstances(param, true, DefaultScriptEngine, 3); group.ScheduleGroupForFullUpdate(); @@ -2752,7 +2752,7 @@ namespace OpenSim.Region.Framework.Scenes // and with this comented code, if user does not set next permissions on the object // and on ALL contents of ALL prims, he may loose rights, making the object useless sog.ApplyNextOwnerPermissions(); - sog.AggregatePerms(); + sog.InvalidateEffectivePerms(); sog.ScheduleGroupForFullUpdate(); diff --git a/OpenSim/Region/Framework/Scenes/SceneGraph.cs b/OpenSim/Region/Framework/Scenes/SceneGraph.cs index 91d2879c49..117d92d1d1 100755 --- a/OpenSim/Region/Framework/Scenes/SceneGraph.cs +++ b/OpenSim/Region/Framework/Scenes/SceneGraph.cs @@ -2094,7 +2094,7 @@ namespace OpenSim.Region.Framework.Scenes child.TriggerScriptChangedEvent(Changed.OWNER); child.ApplyNextOwnerPermissions(); } - copy.AggregatePerms(); + copy.InvalidateEffectivePerms(); } } diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs index 95a5887d75..6bb92f4844 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs @@ -183,7 +183,7 @@ namespace OpenSim.Region.Framework.Scenes addFromAllowedDrop = (part.ParentGroup.RootPart.GetEffectiveObjectFlags() & (uint)PrimFlags.AllowInventoryDrop) != 0; part.Inventory.AddInventoryItem(taskItem, addFromAllowedDrop); - part.ParentGroup.AggregatePerms(); + part.ParentGroup.InvalidateEffectivePerms(); return true; } diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs index 512656b319..93c9b421aa 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.cs @@ -2943,7 +2943,7 @@ namespace OpenSim.Region.Framework.Scenes if (!m_scene.Permissions.BypassPermissions()) { ApplyNextOwnerPermissions(); - AggregatePerms(); + InvalidateEffectivePerms(); } } @@ -3605,7 +3605,7 @@ namespace OpenSim.Region.Framework.Scenes InvalidBoundsRadius(); InvalidatePartsLinkMaps(); - objectGroup.AggregatePerms(); + objectGroup.InvalidateEffectivePerms(); if (sendEvents) linkPart.TriggerScriptChangedEvent(Changed.LINK); @@ -4163,7 +4163,7 @@ namespace OpenSim.Region.Framework.Scenes // m_log.DebugFormat( // "[SCENE OBJECT GROUP]: RootPart.OwnerMask now {0} for {1} in {2}", // (OpenMetaverse.PermissionMask)RootPart.OwnerMask, Name, Scene.Name); - AggregatePerms(); + InvalidateEffectivePerms(); RootPart.ScheduleFullUpdate(); } @@ -4188,7 +4188,7 @@ namespace OpenSim.Region.Framework.Scenes { foreach (SceneObjectPart part in Parts) part.Inventory.ApplyGodPermissions(RootPart.BaseMask); - AggregatePerms(); + InvalidateEffectivePerms(); } HasGroupChanged = true; @@ -5447,7 +5447,7 @@ namespace OpenSim.Region.Framework.Scenes { part.ResetOwnerChangeFlag(); }); - AggregatePerms(); + InvalidateEffectivePerms(); } // clear some references to easy cg diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 21bc19e5ab..23da90abe3 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs @@ -1031,8 +1031,7 @@ namespace OpenSim.Region.Framework.Scenes if (considerChanged) { - m_part.AggregateInnerPerms(); - m_part.ParentGroup.AggregatePerms(); + m_part.ParentGroup.InvalidateDeepEffectivePerms(); HasInventoryChanged = true; m_part.ParentGroup.HasGroupChanged = true; } @@ -1075,8 +1074,7 @@ namespace OpenSim.Region.Framework.Scenes m_items.Remove(itemID); m_items.LockItemsForWrite(false); - m_part.AggregateInnerPerms(); - m_part.ParentGroup.AggregatePerms(); + m_part.ParentGroup.InvalidateDeepEffectivePerms(); m_inventorySerial++; m_part.TriggerScriptChangedEvent(Changed.INVENTORY); diff --git a/OpenSim/Region/OptionalModules/Avatar/Attachments/TempAttachmentsModule.cs b/OpenSim/Region/OptionalModules/Avatar/Attachments/TempAttachmentsModule.cs index 92b583136c..c3f38511dd 100644 --- a/OpenSim/Region/OptionalModules/Avatar/Attachments/TempAttachmentsModule.cs +++ b/OpenSim/Region/OptionalModules/Avatar/Attachments/TempAttachmentsModule.cs @@ -174,7 +174,7 @@ namespace OpenSim.Region.OptionalModules.Avatar.Attachments child.TriggerScriptChangedEvent(Changed.OWNER); child.ApplyNextOwnerPermissions(); } - hostgroup.AggregatePerms(); + hostgroup.InvalidateEffectivePerms(); } hostgroup.RootPart.ObjectSaleType = 0; diff --git a/OpenSim/Region/OptionalModules/Scripting/JsonStore/JsonStoreScriptModule.cs b/OpenSim/Region/OptionalModules/Scripting/JsonStore/JsonStoreScriptModule.cs index 6cf0092266..fe8d9621e1 100644 --- a/OpenSim/Region/OptionalModules/Scripting/JsonStore/JsonStoreScriptModule.cs +++ b/OpenSim/Region/OptionalModules/Scripting/JsonStore/JsonStoreScriptModule.cs @@ -665,7 +665,7 @@ namespace OpenSim.Region.OptionalModules.Scripting.JsonStore taskItem.AssetID = asset.FullID; host.Inventory.AddInventoryItem(taskItem, false); - host.ParentGroup.AggregatePerms(); + host.ParentGroup.InvalidateEffectivePerms(); m_comms.DispatchReply(scriptID,1,assetID.ToString(),reqID.ToString()); } diff --git a/OpenSim/Region/OptionalModules/World/TreePopulator/TreePopulatorModule.cs b/OpenSim/Region/OptionalModules/World/TreePopulator/TreePopulatorModule.cs index b26fa3298d..da8c9a39b2 100644 --- a/OpenSim/Region/OptionalModules/World/TreePopulator/TreePopulatorModule.cs +++ b/OpenSim/Region/OptionalModules/World/TreePopulator/TreePopulatorModule.cs @@ -525,7 +525,7 @@ namespace OpenSim.Region.OptionalModules.World.TreePopulator sceneObject.SetGroup(groupID, null); m_scene.AddNewSceneObject(sceneObject, true); - sceneObject.AggregatePerms(); + sceneObject.InvalidateEffectivePerms(); return sceneObject; } diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs index e12cedf96a..e51a078ba0 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs @@ -2048,7 +2048,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api m_host.Inventory.AddInventoryItemExclusive(taskItem, false); else m_host.Inventory.AddInventoryItem(taskItem, false); - m_host.ParentGroup.AggregatePerms(); + m_host.ParentGroup.InvalidateDeepEffectivePerms(); return taskItem; } From 04a50b47bfe2b10dfaad9fd67c2247ae40e97d84 Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Thu, 4 May 2017 12:35:42 +0100 Subject: [PATCH 10/10] the new options i add where actually bad idea, they would make the compatibility issue ethernal. Removed and extended the ugly date hack to group share outwards propagation, until a better way is found at least --- OpenSim/Region/Framework/Scenes/Scene.cs | 12 ------------ .../Framework/Scenes/SceneObjectGroup.Inventory.cs | 7 +++---- 2 files changed, 3 insertions(+), 16 deletions(-) diff --git a/OpenSim/Region/Framework/Scenes/Scene.cs b/OpenSim/Region/Framework/Scenes/Scene.cs index 205a321112..e709d6cbed 100755 --- a/OpenSim/Region/Framework/Scenes/Scene.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.cs @@ -238,16 +238,6 @@ namespace OpenSim.Region.Framework.Scenes /// public bool LegacySitOffsets = true; - /// - /// set false to not propagare group rights outwards as legacy did - /// - public bool PropagateGroupShareOutwards = true; - - /// - /// set false to not propagare Everyone rights outwards as legacy did - /// - public bool PropagateAnyOneOutwards = true; - /// /// Can avatars cross from and to this region? /// @@ -990,8 +980,6 @@ namespace OpenSim.Region.Framework.Scenes // old versions compatibility LegacySitOffsets = startupConfig.GetBoolean("LegacySitOffsets", LegacySitOffsets); - PropagateGroupShareOutwards = startupConfig.GetBoolean("PropagateGroupShareOutwards", PropagateGroupShareOutwards); - PropagateAnyOneOutwards = startupConfig.GetBoolean("PropagateAnyOneOutwards", PropagateAnyOneOutwards); if (m_defaultDrawDistance > m_maxDrawDistance) m_defaultDrawDistance = m_maxDrawDistance; diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs index 6bb92f4844..f778367ce6 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectGroup.Inventory.cs @@ -350,9 +350,8 @@ namespace OpenSim.Region.Framework.Scenes uint everyone = rootEveryonePerms; bool needUpdate = false; - bool propGroupOut = Scene.PropagateGroupShareOutwards; // date is time of writing april 30th 2017 - bool propAnyOut = Scene.PropagateAnyOneOutwards & (RootPart.CreationDate == 0 || RootPart.CreationDate > 1493574994); + bool newobj = (RootPart.CreationDate == 0 || RootPart.CreationDate > 1493574994); SceneObjectPart[] parts = m_parts.GetArray(); for (int i = 0; i < parts.Length; i++) { @@ -363,9 +362,9 @@ namespace OpenSim.Region.Framework.Scenes owner &= part.AggregatedInnerOwnerPerms; group &= part.AggregatedInnerGroupPerms; - if(propGroupOut) + if(newobj) group &= part.AggregatedInnerGroupPerms; - if(propAnyOut) + if(newobj) everyone &= part.AggregatedInnerEveryonePerms; } // recover modify and move